[Haskell-cafe] Re: the Network.URI parser

Miguel Mitrofanov miguelimo38 at yandex.ru
Wed May 28 01:28:11 EDT 2008


> I am taking comments on a web forum from arbitrary people. The  
> interpretation of the HTML occurs at the user's browser. A lot of  
> people will be using outdated browsers (IE 5.5 / 6), ergo security  
> (at the source) becomes my problem. I cannot force them to upgrade  
> their browsers.

I think this is very wrong for two reasons. First of all, the more web
sites care about old browsers, the later people will upgrade them,
therefore preventing the progress in the Web (though IE 5.5 is not THAT
old and bad, so this argument is not so strong). In Russia we
sometimes say that a user with an outdated browser is an EPTH (Evil
Pinocchio To Himself, don't ask me about the source of this term).

Secondly, I don't think that filtering HTML coming from an arbitrary  
user is a good idea. HTML is not very human-readable and too complex  
to achieve real safety without lots of work. My suggestion is to use  
some home-grown wiki-like syntax - it's easier to enter (*bold*  
instead of <b>bold</b>), easier to read (and your users would  
sometimes read their comments before posting - to check correctness),  
and easier to process, since it can't have security holes you're not  
aware of.

But you're right, we are off topic.
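
The following is an added example, not part of the original post or of any code by its author: a minimal renderer for the kind of wiki-like comment syntax suggested above, in which every character of user input is HTML-escaped and the only tags in the output are the ones the renderer itself emits. The markup rules (`*bold*` within a single line, one paragraph per line) and all function names are assumptions made for illustration.

```haskell
module Main where

-- Escape every character that has meaning in HTML, so user input can
-- never open a tag, close an attribute value or start an entity.
escapeChar :: Char -> String
escapeChar '&'  = "&amp;"
escapeChar '<'  = "&lt;"
escapeChar '>'  = "&gt;"
escapeChar '"'  = "&quot;"
escapeChar '\'' = "&#39;"
escapeChar c    = [c]

escapeHtml :: String -> String
escapeHtml = concatMap escapeChar

-- Render one line of the (hypothetical) markup. The only tags that can
-- reach the output are the <b>...</b> pairs produced here; the text
-- between the asterisks is escaped like everything else.
renderLine :: String -> String
renderLine [] = []
renderLine ('*' : rest) =
  case break (== '*') rest of
    (inner, '*' : after)
      | not (null inner) ->
          "<b>" ++ escapeHtml inner ++ "</b>" ++ renderLine after
    _ -> '*' : renderLine rest   -- unmatched or empty pair: keep the literal '*'
renderLine (c : rest) = escapeChar c ++ renderLine rest

-- Each non-empty input line becomes one paragraph.
renderComment :: String -> String
renderComment =
  concatMap (\l -> "<p>" ++ renderLine l ++ "</p>\n") . filter (not . null) . lines

-- Constructed sample comments, including raw HTML that must come out inert.
samples :: [String]
samples =
  [ "this is *bold* text"
  , "<b onclick=x>raw tag</b> and *<i>inside bold</i>*"
  , "a * b with a lone asterisk"
  ]

main :: IO ()
main = mapM_ (putStr . renderComment) samples
```

Because the renderer builds its output from escaped text plus a fixed set of tags, there is no allow-list of user-supplied HTML to get wrong; extending the syntax means adding another case to `renderLine`, not loosening a filter.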

